Worms Security

Russian Denies Writing SoBig Worm

IphtashuPhitz writes "The Russian spamware programmer anonymously accused earlier this week of writing the Sobig worm has responded to the accusations. Ruslan Ibragimov of Send-Safe doesn't deny that his program uses proxies to hide spammers' identities. But he totally refutes the report's technical analysis in an online interview over at O'Reilly Network."

  • Remember the rules (Score:5, Insightful)

    by Underholdning ( 758194 ) on Wednesday November 03, 2004 @01:45PM (#10712787) Homepage Journal
    Rule #1:
    Spammers lie!
  • WTF? (Score:5, Insightful)

    by Otter ( 3800 ) on Wednesday November 03, 2004 @01:48PM (#10712836) Journal
    Not that I'm shedding any tears for this guy but does "Anonymous person accuses other person by name on the basis of sketchy circumstantial evidence!" really merit this degree of publicity?
  • by Ancient_Hacker ( 751168 ) on Wednesday November 03, 2004 @02:00PM (#10713015)
    I'd reserve the phrase "totally refutes" for occasions where.... this actually happens. What I saw of the "refutation" was a few bits of unconvincing excuses and loose logic. The similarity in headers and the number and length of exact code matches is compelling and probably irrefutable evidence.
  • Re:WTF? (Score:3, Insightful)

    by gl4ss ( 559668 ) on Wednesday November 03, 2004 @02:13PM (#10713195) Homepage Journal
    well.

    I found the biggest piece of evidence to be the opcode similarities, which he doesn't comment on at all, conveniently.

    but would he ADMIT IT? with 250 000$ reward on his head? of course not. but I'd rather have had him refute it totally, by reasoning and not just claiming that it's bullshit (when he even admits himself that he's full of bullshit and into selling software for harassing people who try to _not_ get harassed).

  • by advocate_one ( 662832 ) on Wednesday November 03, 2004 @02:23PM (#10713341)
    attributed to Mandy Rice-Davies when asked to comment on Astor's denial of ever seeing her [fact-index.com]
    While giving evidence at the trial of Stephen Ward, Rice-Davies made the quip for which she is most remembered. When the prosecuting counsel pointed out that Astor denied having met her, she replied, "Well, he would, wouldn't he?"
  • by fireboy1919 ( 257783 ) <rustyp AT freeshell DOT org> on Wednesday November 03, 2004 @03:57PM (#10714832) Homepage Journal
    But murderers are only people who killed someone. Spammers are like lawyers: they're not actually people. And the subspecies who write stuff for them aren't even spammers.

    Questions of "innocence" and "guilt" do not apply to these species; they don't have a concept for these things.

    Hopefully, one day, we will find a way to teach such things to these strange, primitive beings so that they can live beside humans in our struggle against the species that dominates this planet and threatens to wipe us out: politicians.
  • The evidence... (Score:5, Insightful)

    by JohnGrahamCumming ( 684871 ) * <slashdot@jgc.oERDOSrg minus math_god> on Wednesday November 03, 2004 @04:03PM (#10714938) Homepage Journal
    If you read the long boring document that fingers this Russian guy you'll see the following "evidence":

    1. Send-Safe and SoBig had same release dates. Where the margin on same is up to 10 days, and there are strange inaccuracies, for example the document states that on 5/23/2003 there was a SoBig release compiled on June 24, 2003. Other evidence hinges on the actions of SSSG without considering the possibilities that they were using a hacked version of Send-Safe.

    2. Document contains unfounded statements like "As SSSG appears to be a sizable organization, it would seem unlikely that any individual within the group would actually know the Sobig author(s)."

    3. The skills section is particularly funny since it lists skills like "Newsgroups" and states that the Russian has been posting on Newsgroups since 1998. Woo hoo!

    4. The use of %s section made me want to LOL. The authors see significance in the fact that neither piece of software uses %s to concatenate strings,
    sprintf( together, "%s%s", s1, s2 );
    would be unusual for any C programmer, yet
    sprintf( command, "RCPT TO:<%s>", rcpt );
    looks like something any C programmer would do.

    5. The note on string ordering with an example of SoBig vs Send Safe appears to me to show the opposite of what the authors intended. The two blocks look very different.

    6. A large part of the document is dedicated to showing how the two executables are "similar" at the opcode level. There is no actual evidence here, e.g. how about a disassembly of two identical blocks of code? The comparison is interesting, but doesn't tell us much without being able to see the actual code.

    Overall I thought the PDF file was poorly written, lacking in rigor and provided no real evidence for the naming of this individual.

    Yes, he helps people spam, and that's very, very annoying, but "innocent until proven guilty" people? Or at least "innocent until you actually show some convincing evidence".

    John.
